using System;
using SecuBat.AttackPlugin;
using SecuBat.Crawling.Forms;
using Css.Diagnostics;
using SecuBat.Logging;

namespace SecuBat.AttackPlugins.SimpleSqlInsertion
{
	/// <summary>
	/// Summary description for FormAttack.
	/// </summary>
	[AttackPlugin]
	public class SimpleSqlInsertionAttack : AttackBase, IAttack
	{
		public SimpleSqlInsertionAttack(int attackerRunId, int attackFormId, int pluginId, FormParameter submitButton, IAnalysis mainAnalysis, ICommonData commonData) : 
			base(attackerRunId, attackFormId, pluginId, submitButton, mainAnalysis, commonData)
		{
		}

		public override void InitializeAttack()
		{
			base.InitializeAttack();

			String attackValue = "'";
			foreach (FormParameter param in AttackForm.Parameters)
			{
				switch (param.Type)
				{
					case FormParameterType.Hidden:
						this.AttackParameters.Add(param.Name, param.Value);
						LogManager.Write(TraceLevel.Verbose, String.Format("Adding hidden parameter \"{0}\" using value \"{1}\" to post data.", param.Name, param.Value), "Attack creation");
						break;
					case FormParameterType.Password:
					case FormParameterType.Text:
						this.AttackParameters.Add(param.Name, attackValue);
						LogManager.Write(TraceLevel.Verbose, String.Format("Adding text parameter \"{0}\" using value \"{1}\" to post data.", param.Name, attackValue), "Attack creation");
						break;
					case FormParameterType.Radio:
					case FormParameterType.Checkbox:
						//TODO
						break;
				}
			}
		}
	}
}
